EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions? More questions?
DMs are open on and